[squid-users] Fwd: Problems with NTLM authentication

Marcel lord.tek at gmail.com
Mon Oct 13 17:50:35 UTC 2014


Hello,

I unfortunately got no further response. Through experimentation I
discovered that this issue is magically gone in the more current versions
of Squid, for example in 3.4.8.

So far, so good. Now I have discovered that CPU usage (when using
ntlm_auth) is pegged at 100%, rendering the server useless.

Rock : hard place.

On 7 October 2014 21:25, Marcel <lord.tek at gmail.com> wrote:

> Hello,
>
> thank you for your input. Unfortunately I have to disagree with you
> because of two reasons:
>
> 1. That option is already enabled
> 2. The NTLM authentication works fine in Internet Explorer without Squid.
> It only breaks when going through Squid.
>
> I'd be very happy for further suggestions.
>
>
>
> On 7 October 2014 21:19, Brendan Kearney <bpk678 at gmail.com> wrote:
>
>> On Tue, 2014-10-07 at 20:50 +0200, Marcel wrote:
>> > Hello,
>> >
>> > I have some more information.
>> >
>> > The problem seems to have nothing to do with samba, krb5 or anything
>> > else. I set up a new squid that isn't in the AD and doesn't use any
>> > kind of authentication at all.
>> >
>> >
>> > I have the exact same problem. Here is my POC squid.conf:
>> >
>> > acl localnet src all
>> > http_access allow all
>> > http_port 3128
>> >
>> >
>> >
>> > That is the entire configuration in my tests. As you can see, it is
>> > absolutely impossible for it to be a configuration issue.
>> >
>> > Why can't I log on to a NTLM protected website with Internet Explorer
>> > when going over a squid proxy?
>> >
>> >
>> > It works fine in Firefox.
>> >
>> >
>> >
>> > ---------- Forwarded message ----------
>> > From: foggle <lord.tek at gmail.com>
>> > Date: 7 October 2014 18:10
>> > Subject: [squid-users] Problems with NTLM authentication
>> > To: squid-users at lists.squid-cache.org
>> >
>> >
>> > Hello,
>> >
>> > I have set up a squid Proxy that uses samba/ntlm/krb5 to do SSO AD
>> > authentication in the Company.
>> >
>> >
>> > This works fine.
>> >
>> > My problem is that external Websites on the Internet that use NTLM
>> > authentication of their own do not work. My users enter their Details
>> > (DOMAIN\user and Password) and receive authentication failures
>> > Messages.
>> >
>> > Interestingly enough, this (almost) only occurs in Internet Explorer.
>> > The
>> > same sites work fine with Firefox.
>> >
>> > Thank you in advance for your much needed help.
>> >
>> >
>> >
>> > --
>> > View this message in context:
>> >
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Problems-with-NTLM-authentication-tp4667742.html
>> > Sent from the Squid - Users mailing list archive at Nabble.com.
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users
>> >
>> >
>> >
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users
>>
>> not something that squid would be affecting, as squid has nothing to do
>> with the auth to the website.
>>
>> Tools -> Internet Options -> Advanced tab: scroll down until you
>> Security.  Under Security, check the "Enable Integrated Windows
>> Authentication*" check box, and restart your browser.
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141013/49b45be3/attachment.html>


More information about the squid-users mailing list